
Please help me remove generic29.ajge



Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

[Screenshot: AVPfront.gif]

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

[Screenshot: avpsettings.gif]

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button.

Save it to your desktop and post it in your next reply.


It found lots of password-protected files too. Status: Deleted (events: 4)

26/05/2013 23:55:53 Deleted Trojan program Trojan.Win32.Genome.ailnk C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000000.@ High

26/05/2013 23:55:58 Deleted Trojan program Backdoor.Win32.ZAccess.cfor C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000032.@ High

26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma High

26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma//CryptFF High

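The four report lines above follow one fixed layout (date, time, action, object type, detection name, path, severity). The following parser is an added example, not part of the thread and not Kaspersky's own tooling; it assumes the day/month/year order from the value 26/05/2013, reads a `//` suffix on a path as an object nested inside a container (an assumption from the last line), and treats any path that runs through a `\Quarantine\` folder as already isolated by another tool (here FRST's and Norton's quarantine folders) rather than a live infection.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: the four "Detected threats" lines quoted in the thread.
SAMPLE_REPORT = r"""
26/05/2013 23:55:53 Deleted Trojan program Trojan.Win32.Genome.ailnk C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000000.@ High
26/05/2013 23:55:58 Deleted Trojan program Backdoor.Win32.ZAccess.cfor C:\FRST\Quarantine\$4aa5e0f9f248a9e84b502c13be0defc1\U\80000032.@ High
26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma High
26/05/2013 23:55:57 Deleted Trojan program Trojan-Downloader.WMA.Wimad.o C:\OLD LAPTOP FILES\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60A23E58.wma//CryptFF High
"""

# Layout inferred from the quoted lines: the object type may contain spaces
# ("Trojan program"), the detection name never does, and the path runs up to
# the trailing severity word.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>\w+) (?P<kind>.+?) (?P<name>\S+) "
    r"(?P<path>[A-Za-z]:\\.+?) (?P<severity>High|Medium|Low)$"
)


@dataclass
class Detection:
    when: datetime
    action: str
    kind: str
    name: str
    path: str
    severity: str

    @property
    def on_disk_path(self) -> str:
        # Part before "//" is the file that actually exists on disk.
        return self.path.split("//", 1)[0]

    @property
    def container_member(self) -> Optional[str]:
        # Assumption: "outer//inner" names an object found inside a container.
        return self.path.split("//", 1)[1] if "//" in self.path else None

    @property
    def already_quarantined(self) -> bool:
        # Heuristic of this example: a quarantine folder means another tool
        # had already isolated the file before this scan ran.
        return "\\quarantine\\" in self.on_disk_path.lower()


def parse_report(text: str) -> Tuple[List[Detection], List[str]]:
    """Return (parsed detections, lines that did not match the layout)."""
    found: List[Detection] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        # Day/month/year order assumed from the value 26/05/2013.
        when = datetime.strptime(f"{m['date']} {m['time']}", "%d/%m/%Y %H:%M:%S")
        found.append(Detection(when, m["action"], m["kind"], m["name"],
                               m["path"], m["severity"]))
    return found, unparsed


def triage(detections: List[Detection]) -> Dict[str, object]:
    """Summarise a report: counts per detection name and which hits were
    found outside any quarantine folder (those are the ones still worth
    chasing on the live system)."""
    by_name: Dict[str, int] = {}
    for d in detections:
        by_name[d.name] = by_name.get(d.name, 0) + 1
    live = [d.on_disk_path for d in detections if not d.already_quarantined]
    return {
        "total": len(detections),
        "by_name": by_name,
        "already_quarantined": sum(d.already_quarantined for d in detections),
        "outside_quarantine": live,
    }


if __name__ == "__main__":
    dets, bad = parse_report(SAMPLE_REPORT)
    for d in dets:
        print(d.when, d.name, "quarantined" if d.already_quarantined else "LIVE",
              d.on_disk_path, d.container_member or "")
    print(triage(dets))
    print("unparsed:", bad)
```

Run as a script it prints one line per detection and the summary; for the report above every hit sits in a quarantine folder, so `outside_quarantine` comes back empty, which is the fact a helper wants to know before deciding whether the scan found anything still active.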

Tried to run an AVG whole-computer scan; despite reporting as up-to-date, the scan took 1 second and reported clean! Internet Explorer opens but neither saved links nor directly entered sites work. Had to use Firefox to measure internet speed (<3Mbps when normally >6Mbps); net connection shut down by me straight after the test was completed. Do you think I'm now clean?


IE and Firefox reset, IE still not working, Speedtest.net in Firefox returning normal net speed of >6Mbps. Restarted PC, message that Kaspersky c:\windows\temp\rarsfxo\5690975.exe is requesting your permission to run (looks like an uninstall routine at the dos prompt). Seems I'm locked out of several folders, unable to modify desktop (new folder etc.), start menu contains no recently used programs etc. Please could you recommend AV and malware to install next time I connect to the network?


  • 2 weeks later...

Hi Maniac, I'm back from holiday, thanks for waiting. I am finding the system unusable under my user name: I am unable to make changes to the desktop (right click > New shows empty) etc., am locked out of several folders, am unable to make some changes to Windows, IE won't respond. It seems I'm severely restricted. I have made another user (Rob-2) with full permissions, IE works, have linked to my old desktop which I can access without problems thus far, have installed Microsoft Security Essentials as per your approved list. However, I have found suspicious entries under 'Scheduled Tasks' as RealPlayer updaters which mention 'S-1-5-21-1064342506-1899143691-2716940641-1001'; this string was quoted by AVG when it found the Trojan!! Can the original user be returned to a usable state? If not, could the replacement user (Rob-2) be made to replace my original user, with access to its desktop/files/progs etc.? Cheers Rob


Would you think a format is the way forward?

My main aim was to recover files/photos if a format is needed. Would this be wise or would you say they are not to be trusted?

Would you trust a recovery from the backup partition on this hard drive?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-06-2013

Ran by SYSTEM on 08-06-2013 20:58:24

Running from G:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)

HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] ()

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)

HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH)

HKLM\...\Run: [snp2std] C:\windows\vsnp2std.exe [344064 2007-09-28] (Sonix)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2012-01-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-04-03] (RealNetworks, Inc.)

HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)

HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)

HKU\ROB ADMIN 2\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)

HKU\ROB ADMIN 2\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.)

HKU\ROB ADMIN 2\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB [1266712 2013-06-07] (AVG Secure Search)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk

ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk

ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\ROB ADMIN 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()

S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12528768 2007-09-10] ()

S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1816968 2010-04-16] (Syntek)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-07 12:51 - 2013-06-07 12:51 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-06-06 14:37 - 2013-06-06 14:53 - 00000000 ____D C:\Users\ROB ADMIN 2\Desktop\tdss

2013-06-06 11:37 - 2013-06-06 11:39 - 00001157 ____A C:\Users\Rob\OLD Desktop.lnk

2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\Documents\Ulead VideoStudio SE

2013-06-05 15:37 - 2013-06-05 15:38 - 00001705 ____A C:\Users\ROB ADMIN 2\Desktop\Rob.lnk

2013-06-05 15:13 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TOSHIBA Online Product Information

2013-06-05 15:09 - 2013-06-06 14:36 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Google

2013-06-05 15:09 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\Google

2013-06-05 15:08 - 2013-06-05 15:08 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\RealNetworks

2013-06-05 15:07 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Ulead Systems

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Toshiba

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\SRS Labs

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ArcSoft

2013-06-05 15:06 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\TOSHIBA

2013-06-05 15:06 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ArcSoft

2013-06-05 15:06 - 2013-06-05 15:06 - 00070168 ____A C:\Users\ROB ADMIN 2\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Real

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Epson

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ATI

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Adobe

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\AVG Secure Search

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ATI

2013-06-05 15:05 - 2013-06-05 15:06 - 00000000 ____D C:\users\ROB ADMIN 2

2013-06-05 15:05 - 2013-06-05 15:05 - 00000020 ___SH C:\Users\ROB ADMIN 2\ntuser.ini

2013-06-05 15:05 - 2013-06-05 15:05 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\VirtualStore

2013-06-05 15:05 - 2012-10-12 08:52 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TuneUp Software

2013-06-05 15:05 - 2012-05-29 09:43 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Macromedia

2013-06-05 14:37 - 2013-06-05 15:01 - 00000000 ___RD C:\Users\Rob\Desktop\downloads-2

2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-06-05 11:31 - 2013-06-05 11:35 - 00001945 ____A C:\Windows\epplauncher.mif

2013-05-27 15:36 - 2013-05-27 15:36 - 00000000 ____D C:\Users\Rob\Desktop\Old Firefox Data

2013-05-27 15:17 - 2013-05-27 15:17 - 00168358 ____A C:\Users\Rob\Documents\bookmark.htm

2013-05-26 17:18 - 2013-05-26 17:20 - 138768078 ____A C:\Users\Rob\Desktop\avp-report.txt

2013-05-26 17:14 - 2013-05-26 17:14 - 00000727 ____A C:\Users\Rob\Desktop\avp.txt

2013-05-26 14:02 - 2013-05-26 14:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-05-26 14:00 - 2013-05-26 13:59 - 168118704 ____A C:\Users\Rob\Desktop\setup_11.0.0.1245.x01_2013_05_26_23_45.exe

2013-05-26 09:43 - 2013-05-26 09:43 - 00025492 ____A C:\Users\Rob\Desktop\combofix2.txt

2013-05-26 09:39 - 2013-05-26 09:39 - 00025492 ____A C:\ComboFix.txt

2013-05-24 14:16 - 2013-05-24 14:15 - 02347384 ____A (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe

2013-05-24 11:41 - 2013-05-26 09:39 - 00000000 ____D C:\Qoobox

2013-05-24 11:41 - 2013-05-24 11:50 - 00000000 ____D C:\Windows\erdnt

2013-05-24 11:41 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-05-24 11:41 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-05-24 11:41 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-05-24 11:41 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-05-24 11:41 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-05-24 11:41 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-05-24 11:41 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-05-24 11:41 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-05-24 11:35 - 2013-05-24 11:34 - 05070409 ___RA (Swearware) C:\Users\Rob\Desktop\ComboFix.exe

2013-05-23 12:23 - 2013-05-19 04:13 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt

2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST

2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt

2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt

2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt

2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt

2013-05-18 04:06 - 2013-05-18 04:05 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt

2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____A (Swearware) C:\Users\Rob\Desktop\dds.com

2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm

2013-05-16 12:32 - 2013-05-16 12:33 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe

2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI

2013-05-16 08:44 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 08:44 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 08:44 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 08:44 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 08:44 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 08:44 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 08:44 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 08:44 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 08:44 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 08:44 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 08:44 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 08:44 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 09:30 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 09:30 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 09:30 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 09:30 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 09:30 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 09:30 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 09:30 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 09:30 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 09:30 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 09:30 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 09:30 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 09:30 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 09:30 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-14 15:00 - 2013-05-14 15:40 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt

==================== One Month Modified Files and Folders =======

2013-06-08 11:51 - 2012-04-12 16:40 - 01923439 ____A C:\Windows\WindowsUpdate.log

2013-06-08 11:48 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-08 11:48 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-08 11:48 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-07 12:51 - 2013-06-07 12:51 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2013-06-07 12:51 - 2012-10-05 09:28 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search

2013-06-07 11:13 - 2013-04-11 22:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-06-07 10:03 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-07 10:03 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-06 14:53 - 2013-06-06 14:37 - 00000000 ____D C:\Users\ROB ADMIN 2\Desktop\tdss

2013-06-06 14:36 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Google

2013-06-06 11:49 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-06 11:49 - 2009-07-13 20:51 - 00058366 ____A C:\Windows\setupact.log

2013-06-06 11:42 - 2012-05-29 09:29 - 00000000 ____D C:\users\Rob

2013-06-06 11:39 - 2013-06-06 11:37 - 00001157 ____A C:\Users\Rob\OLD Desktop.lnk

2013-06-06 10:47 - 2013-06-06 10:47 - 00000000 ____D C:\Users\ROB ADMIN 2\Documents\Ulead VideoStudio SE

2013-06-06 10:47 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Ulead Systems

2013-06-05 15:38 - 2013-06-05 15:37 - 00001705 ____A C:\Users\ROB ADMIN 2\Desktop\Rob.lnk

2013-06-05 15:13 - 2013-06-05 15:13 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\TOSHIBA Online Product Information

2013-06-05 15:13 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\TOSHIBA

2013-06-05 15:09 - 2013-06-05 15:09 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\Google

2013-06-05 15:08 - 2013-06-05 15:08 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\RealNetworks

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Toshiba

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\SRS Labs

2013-06-05 15:07 - 2013-06-05 15:07 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ArcSoft

2013-06-05 15:07 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ArcSoft

2013-06-05 15:06 - 2013-06-05 15:06 - 00070168 ____A C:\Users\ROB ADMIN 2\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Real

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Epson

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\ATI

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Roaming\Adobe

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\AVG Secure Search

2013-06-05 15:06 - 2013-06-05 15:06 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\ATI

2013-06-05 15:06 - 2013-06-05 15:05 - 00000000 ____D C:\users\ROB ADMIN 2

2013-06-05 15:05 - 2013-06-05 15:05 - 00000020 ___SH C:\Users\ROB ADMIN 2\ntuser.ini

2013-06-05 15:05 - 2013-06-05 15:05 - 00000000 ____D C:\Users\ROB ADMIN 2\AppData\Local\VirtualStore

2013-06-05 15:01 - 2013-06-05 14:37 - 00000000 ___RD C:\Users\Rob\Desktop\downloads-2

2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-06-05 11:35 - 2013-06-05 11:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-06-05 11:35 - 2013-06-05 11:31 - 00001945 ____A C:\Windows\epplauncher.mif

2013-06-05 11:32 - 2010-11-20 19:47 - 00036242 ____A C:\Windows\PFRO.log

2013-06-05 11:28 - 2012-10-05 09:27 - 00000000 ____D C:\ProgramData\AVG2013

2013-06-05 11:28 - 2012-10-05 09:22 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Avg2013

2013-06-05 11:28 - 2012-10-05 09:22 - 00000000 ____D C:\Users\Rob\AppData\Local\Avg2013

2013-06-05 11:28 - 2012-06-05 10:54 - 00000000 ____D C:\ProgramData\MFAData

2013-05-27 15:36 - 2013-05-27 15:36 - 00000000 ____D C:\Users\Rob\Desktop\Old Firefox Data

2013-05-27 15:17 - 2013-05-27 15:17 - 00168358 ____A C:\Users\Rob\Documents\bookmark.htm

2013-05-26 17:20 - 2013-05-26 17:18 - 138768078 ____A C:\Users\Rob\Desktop\avp-report.txt

2013-05-26 17:14 - 2013-05-26 17:14 - 00000727 ____A C:\Users\Rob\Desktop\avp.txt

2013-05-26 14:02 - 2013-05-26 14:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2013-05-26 13:59 - 2013-05-26 14:00 - 168118704 ____A C:\Users\Rob\Desktop\setup_11.0.0.1245.x01_2013_05_26_23_45.exe

2013-05-26 09:43 - 2013-05-26 09:43 - 00025492 ____A C:\Users\Rob\Desktop\combofix2.txt

2013-05-26 09:39 - 2013-05-26 09:39 - 00025492 ____A C:\ComboFix.txt

2013-05-26 09:39 - 2013-05-24 11:41 - 00000000 ____D C:\Qoobox

2013-05-26 09:38 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2013-05-25 05:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-24 14:15 - 2013-05-24 14:16 - 02347384 ____A (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe

2013-05-24 11:51 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2013-05-24 11:50 - 2013-05-24 11:41 - 00000000 ____D C:\Windows\erdnt

2013-05-24 11:34 - 2013-05-24 11:35 - 05070409 ___RA (Swearware) C:\Users\Rob\Desktop\ComboFix.exe

2013-05-24 10:44 - 2012-06-10 14:06 - 00000000 ____D C:\Users\Rob\AppData\Roaming\SoftGrid Client

2013-05-23 12:19 - 2012-08-30 10:09 - 00004914 ____A C:\Users\Rob\Desktop\T-Mobile.txt

2013-05-19 14:28 - 2012-05-29 09:44 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Toshiba

2013-05-19 13:11 - 2013-05-19 13:11 - 00000000 ____D C:\FRST

2013-05-19 12:52 - 2012-06-07 14:07 - 00501816 ____A C:\Users\Rob\AppData\Roaming\mv.db

2013-05-19 08:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-05-19 08:13 - 2013-05-19 08:13 - 00124832 ____A C:\Users\Rob\Desktop\bookmark.txt

2013-05-19 04:13 - 2013-05-23 12:23 - 00021347 ____A C:\Users\Rob\Desktop\FRST.txt

2013-05-19 03:59 - 2013-05-19 03:59 - 00001898 ____A C:\Users\Rob\Desktop\1.txt

2013-05-19 02:53 - 2013-05-19 02:53 - 00002186 ____A C:\Users\Rob\Desktop\instructions1.txt

2013-05-19 02:36 - 2009-07-13 21:13 - 00779998 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-18 04:06 - 2013-05-18 04:06 - 00014872 ____A C:\Users\Rob\Desktop\attach.txt

2013-05-18 04:05 - 2013-05-18 04:06 - 00018615 ____A C:\Users\Rob\Desktop\dds.txt

2013-05-18 03:52 - 2013-05-18 03:52 - 00688992 ____A (Swearware) C:\Users\Rob\Desktop\dds.com

2013-05-17 14:32 - 2013-05-17 14:32 - 00159721 ____A C:\Users\Rob\Desktop\bookmark.htm

2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\Local Settings\Application Data\Google

2013-05-17 14:04 - 2012-05-29 10:05 - 00000000 ____D C:\Users\Rob\AppData\Local\Google

2013-05-17 11:35 - 2012-10-09 15:28 - 00017273 ____A C:\Windows\System32\avgrep.txt

2013-05-16 12:33 - 2013-05-16 12:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rob\Desktop\mbam-setup-1.75.0.1300.exe

2013-05-16 09:17 - 2009-07-13 20:45 - 00292088 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 08:57 - 2013-05-16 08:57 - 00000197 ____A C:\Windows\System32\MRT.INI

2013-05-16 08:55 - 2012-06-01 22:13 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 15:11 - 2012-06-07 13:50 - 00000000 ____D C:\photos

2013-05-15 13:51 - 2012-06-10 07:50 - 02359320 ____A C:\snp2sxp-001.raw

2013-05-15 12:30 - 2013-04-13 02:01 - 00000000 ____D C:\Users\Rob\Desktop\550 HEXACOPTER

2013-05-15 12:24 - 2013-02-02 03:27 - 00000000 ____D C:\Program Files (x86)\APM Planner

2013-05-15 09:13 - 2012-02-16 18:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 09:13 - 2012-02-16 18:19 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 15:40 - 2013-05-14 15:00 - 00000180 ____A C:\Users\Rob\Desktop\avgrep.txt

2013-05-14 14:55 - 2012-06-07 13:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-13 15:32 - 2012-09-20 13:34 - 00000000 ____D C:\Users\Rob\AppData\Roaming\vlc

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-16 08:43:01

Restore point made on: 2013-05-24 11:41:57

Restore point made on: 2013-05-26 09:30:22

Restore point made on: 2013-06-05 11:24:31

Restore point made on: 2013-06-05 11:27:09

Restore point made on: 2013-06-05 11:28:25

Restore point made on: 2013-06-05 11:50:33

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8151.8 MB

Available physical RAM: 7334.83 MB

Total Pagefile: 8150 MB

Available Pagefile: 7324.25 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI30875400A) (Fixed) (Total:914.18 GB) (Free:807.3 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Drive g: () (Removable) (Total:1.86 GB) (Free:1.68 GB) FAT (Disk=2 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 84621240)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=914 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16 GB) - (Type=17)

========================================================

Disk: 2 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-06-07 10:48

==================== End Of Log ============================

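The FRST log above lists every autostart: registry Run values, services and drivers, each with a size/date tag or `[x]` where the file is missing and a publisher in parentheses (empty `()` when the file carries none). The script below is an added example for reading such a log, not part of the thread and not FRST's own code. It assumes the line layouts visible in the log, reads the leading `S2`/`S3` token as a start state plus start type (an assumption), and takes the `HKU\EXAMPLE` line as a constructed entry that is not in the log, there only to show the user-writable-location flag. A flag is a prompt to look, not a verdict: `GFNEXSrv` and the SRS panel have no publisher yet sit where OEM components sit, while the `[x]` drivers are leftovers of tools the thread already ran (ComboFix's `catchme.sys`).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample: autostart lines copied from the FRST.txt quoted above,
# plus one invented line (the EXAMPLE user) that does not appear in the log.
SAMPLE_FRST = r"""
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKU\ROB ADMIN 2\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.)
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
HKU\EXAMPLE\...\Run: [updater] C:\Users\EXAMPLE\AppData\Local\Temp\updater.exe [12345 2013-05-01] ()
"""

# "HKLM\...\Run: [name] command [size date] (publisher)"
RUN_RE = re.compile(
    r"^(?P<location>HK.*?\\\.\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<command>.*?) "
    r"\[(?P<meta>[^\]]+)\](?: \((?P<publisher>[^)]*)\))?$"
)
# "S2 name; command [size date] (publisher)"  (services and drivers share it)
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<command>.*?) "
    r"\[(?P<meta>[^\]]+)\](?: \((?P<publisher>[^)]*)\))?$"
)
# First quoted or unquoted token that ends in an executable extension.
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|sys|dll|cpl|com|bat|cmd|scr|vbs|js))(?:"|\s|$)',
    re.IGNORECASE,
)
# Folders a standard user can write to; an autostart pointing there gets a flag.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def executable_path(command: str) -> str:
    """Pull the program path out of a command line, dropping the NT
    object-manager prefix that driver entries carry."""
    cmd = command.strip()
    if cmd.startswith("\\??\\"):
        cmd = cmd[4:]
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


@dataclass
class AutostartEntry:
    source: str              # "run" or "service"
    location: str            # registry location, or start state for services
    name: str
    command: str
    size: Optional[int]
    file_date: Optional[str]
    publisher: Optional[str]  # None = not shown, "" = file has no publisher
    file_missing: bool

    @property
    def executable(self) -> str:
        return executable_path(self.command)

    def flags(self) -> Set[str]:
        out: Set[str] = set()
        if self.file_missing:
            out.add("file_missing")          # dangling entry; file already gone
        elif not self.publisher:
            out.add("no_publisher")          # FRST could read the file but it names no vendor
        exe = self.executable.lower()
        if any(marker in exe for marker in USER_WRITABLE_MARKERS):
            out.add("user_writable_location")
        return out


def parse_frst_autostarts(text: str) -> List[AutostartEntry]:
    entries: List[AutostartEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m, source = RUN_RE.match(line), "run"
        if m is None:
            m, source = SVC_RE.match(line), "service"
        if m is None:
            continue                          # section header, file listing, etc.
        meta = m.group("meta")
        missing = meta == "x"
        size = date = None
        if not missing:
            size_str, date = meta.split(" ", 1)
            size = int(size_str)
        entries.append(AutostartEntry(
            source=source,
            location=m.group("location") if source == "run" else m.group("state"),
            name=m.group("name"), command=m.group("command"),
            size=size, file_date=date, publisher=m.group("publisher"),
            file_missing=missing,
        ))
    return entries


def review_queue(entries: List[AutostartEntry]) -> List[Tuple[str, List[str]]]:
    """Entries with at least one flag, in log order, for a human to check."""
    return [(e.name, sorted(e.flags())) for e in entries if e.flags()]


if __name__ == "__main__":
    for name, why in review_queue(parse_frst_autostarts(SAMPLE_FRST)):
        print(f"{name:24} {', '.join(why)}")
```

Against the sample this queues the two `[x]` drivers, the three entries with an empty publisher and the constructed AppData one; the signed OEM and Microsoft entries fall through untouched, which is the noise reduction that makes a 600-line FRST log reviewable.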

Would you think a format is the way forward?

I think so.

My main aim was to recover files/photos if a format is needed. Would this be wise or would you say they are not to be trusted?

Depends on that how much they are important for you.

Would you trust a recovery from the backup partition on this hard drive?

If you have this option, you could do that.


A format it is then.

Are all file types considered possible causes of re-infection?

Is it still safe to use the recovery partition on the infected drive? Or should I just format the whole drive and buy the discs from Toshiba?


Are all file types considered possible causes of re-infection?

Probably not everyone, but the biggest problems are executable files.

Is it still safe to use the recovery partition on the infected drive?

I think so.

Or should I just format the whole drive and buy the discs from Toshiba?

This is the best choice. It is your personal decision.


Many thanks for your help Maniac. I've ordered the discs from Toshiba as the best option. Can anything else be run alongside Microsoft Security Essentials? Or would it be better to run standalone firewall/anti-spyware etc.? PS. Donation sent in way of a thanks.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.